From 07cfbe5c1dbd7c7fe98bda4701426c86fc76a8a0 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sun, 10 Apr 2016 02:44:58 +0900 Subject: wip wip --- ext/openssl/extconf.rb | 3 ++- ext/openssl/openssl_missing.c | 25 ++++++++++++++++++++++ ext/openssl/openssl_missing.h | 9 ++++++++ ext/openssl/ossl_x509attr.c | 50 ++++++++++++++++++++++++++++++------------- ext/openssl/ossl_x509cert.c | 2 +- ext/openssl/ossl_x509crl.c | 6 ++++-- 6 files changed, 76 insertions(+), 19 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index a0d12a63bc..a75855ddf7 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -106,9 +106,11 @@ have_func("X509_CRL_add0_revoked") have_func("X509_CRL_set_issuer_name") have_func("X509_CRL_set_version") have_func("X509_CRL_sort") +have_func("X509_CRL_get0_signature") have_func("X509_NAME_hash_old") have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") +have_func("X509_up_ref") have_func("OBJ_NAME_do_all_sorted") have_func("SSL_SESSION_get_id") have_func("SSL_SESSION_cmp") @@ -165,7 +167,6 @@ end have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h") -have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h") have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION") have_func("CRYPTO_lock") # removed in OpenSSL 1.1 diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index a053cfb488..145ecfe5da 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c 
@@ -489,3 +489,28 @@ SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) #endif } #endif + +#if !defined(HAVE_X509_UP_REF) +void +X509_up_ref(X509 *x509) +{ + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); +} + +void +X509_CRL_up_ref(X509_CRL *crl) +{ + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); +} +#endif + +#if !defined(X509_CRL_GET0_SIGNATURE) +void +X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl) +{ + if (psig != NULL) + *psig = &crl->signature; + if (palg != NULL) + *palg = &crl->sig_alg; +} +#endif diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 90cb6f060a..ef0e301e99 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -212,6 +212,15 @@ int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); #endif +#if !defined(HAVE_X509_UP_REF) +void X509_up_ref(X509 *x509); +void X509_CRL_up_ref(X509_CRL *crl); +#endif + +#if !defined(X509_CRL_GET0_SIGNATURE) +void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl); +#endif + #if defined(__cplusplus) } #endif diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index d0f41c6bb8..8f51436fd6 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -178,13 +178,13 @@ ossl_x509attr_get_oid(VALUE self) return ret; } -#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE) +/*#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) # define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single) # define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1) #else # define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set) # define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0) -#endif +#endif*/ /* * call-seq: 
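Review bot: The X509_CRL_get0_signature shim in openssl_missing.c is guarded by `#if !defined(X509_CRL_GET0_SIGNATURE)`, but the extconf.rb probe `have_func("X509_CRL_get0_signature")` defines `HAVE_X509_CRL_GET0_SIGNATURE`, so the shim is compiled even when the library already provides the function. The guard should read `#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)`, and the prototype added to openssl_missing.h has the same guard. Inside the shim, `*palg = &crl->sig_alg;` stores the address of the member, yet the line removed from ossl_x509crl.c (`crl->sig_alg->algorithm`) shows `sig_alg` is already a pointer, so ossl_x509crl_get_signature_algorithm would read `alg->algorithm` from the wrong memory. `*palg = crl->sig_alg;` looks like what is meant, and `signature` presumably needs the same treatment. X509_CRL_up_ref is also supplied under `HAVE_X509_UP_REF` with no `have_func` probe of its own.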
@@ -202,13 +202,27 @@ ossl_x509attr_set_value(VALUE self, VALUE value) ASN1_TYPE_free(a1type); ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value."); } + GetX509Attr(self, attr); - if(attr->value.set){ - if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single); - else sk_ASN1_TYPE_free(attr->value.set); + if (X509_ATTRIBUTE_count(attr)) { + ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr); + /* populated, reset first */ + X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_new(); + if (!attr) { + ASN1_TYPE_free(a1type); + ossl_raise(rb_eRuntimeError, "X509_ATTRIBUTE_new() failed"); + } + SetX509Attr(self, new_attr); + X509_ATTRIBUTE_set1_object(new_attr, obj); + X509_ATTRIBUTE_free(attr); + attr = new_attr; } - OSSL_X509ATTR_SET_SINGLE(attr); - attr->value.single = a1type; + + if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value)) { + ASN1_TYPE_free(a1type); + ossl_raise(eX509AttrError, "X509_ATTRIBUTE_set1_data() failed"); + } + ASN1_TYPE_free(a1type); return value; } 
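Review bot: The allocation check after `X509_ATTRIBUTE_new()` tests the wrong variable: `if (!attr)` examines the old attribute, which X509_ATTRIBUTE_count has already used, so a failed allocation passes a NULL `new_attr` on to SetX509Attr and X509_ATTRIBUTE_set1_object; it should be `if (!new_attr) {`. The return value of `X509_ATTRIBUTE_set1_object` is ignored as well, and SetX509Attr installs new_attr before that copy is known to have succeeded. The call `X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value)` passes three arguments and a union by value, while the OpenSSL function takes a data pointer and a length; `a1type->value.ptr, -1` looks like the intended form. The start of ossl_x509attr_set_value lies outside the hunk.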
@@ -224,26 +238,32 @@ ossl_x509attr_get_value(VALUE self) VALUE str, asn1; long length; unsigned char *p; + int count; GetX509Attr(self, attr); - if(attr->value.ptr == NULL) return Qnil; - if(OSSL_X509ATTR_IS_SINGLE(attr)){ - length = i2d_ASN1_TYPE(attr->value.single, NULL); + count = X509_ATTRIBUTE_count(attr); + if (!count) return Qnil; + if (count == 1) { + ASN1_TYPE *a1type = X509_ATTRIBUTE_get0_type(attr, 0); + length = i2d_ASN1_TYPE(a1type, NULL); str = rb_str_new(0, length); p = (unsigned char *)RSTRING_PTR(str); - i2d_ASN1_TYPE(attr->value.single, &p); - ossl_str_adjust(str, p); + i2d_ASN1_TYPE(a1type, &p); } else{ - length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, + /*length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, (unsigned char **) NULL, i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); str = rb_str_new(0, length); p = (unsigned char *)RSTRING_PTR(str); i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p, - i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); - ossl_str_adjust(str, p); + i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);*/ + length = i2d_X509_ATTRIBUTE(attr, NULL); + str = rb_str_new(0, length); + p = (unsigned char *)RSTRING_PTR(str); + i2d_X509_ATTRIBUTE(attr, &p); } + ossl_str_adjust(str, p); asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str); return asn1; diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 4dafae17b9..db8ba02375 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj) SafeGetX509(obj, x509); - CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x509); return x509; } diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index f64712efcd..9ad98430ab 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj) X509_CRL *crl; SafeGetX509CRL(obj, crl); - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + X509_CRL_up_ref(crl); return crl; } 
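Review bot: In the ossl_x509attr_get_value hunk the multi-value branch now encodes with `i2d_X509_ATTRIBUTE(attr, &p)`, which serialises the whole attribute (object identifier plus value set), whereas the commented-out `i2d_ASN1_SET_OF_ASN1_TYPE` call encoded only the value set, so the method would return a different ASN.1 structure when count is greater than one. Neither branch checks the length returned by the sizing call before `rb_str_new(0, length)` and the second encode into that buffer; a guard such as `if (length <= 0) ossl_raise(eX509AttrError, NULL);` would stop a failed encode there. The commented-out block is better deleted than kept once the replacement is settled. The beginning of the function is outside the hunk.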
@@ -180,6 +180,7 @@ static VALUE ossl_x509crl_get_signature_algorithm(VALUE self) { X509_CRL *crl; + X509_ALGOR *alg; BIO *out; BUF_MEM *buf; VALUE str; @@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eX509CRLError, NULL); } - if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) { + X509_CRL_get0_signature(NULL, &alg, crl); + if (!i2a_ASN1_OBJECT(out, alg->algorithm)) { BIO_free(out); ossl_raise(eX509CRLError, NULL); } -- cgit v1.2.3